[Pkg-voip-commits] r8797 - in /asterisk/branches/squeeze/debian: changelog patches/AST-2011-002 patches/series

tzafrir at alioth.debian.org
Tue Feb 22 10:01:40 UTC 2011


Author: tzafrir
Date: Tue Feb 22 10:01:30 2011
New Revision: 8797

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=8797
Log:
AST-2011-002: Multiple crash vulnerabilities in UDPTL code

Modified:
    asterisk/branches/squeeze/debian/changelog
    asterisk/branches/squeeze/debian/patches/AST-2011-002
    asterisk/branches/squeeze/debian/patches/series

Modified: asterisk/branches/squeeze/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/changelog?rev=8797&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/changelog (original)
+++ asterisk/branches/squeeze/debian/changelog Tue Feb 22 10:01:30 2011
@@ -1,3 +1,9 @@
+asterisk (1:1.6.2.9-2+squeeze2) stable-security; urgency=low
+
+  * AST-2011-002: Multiple crash vulnerabilities in UDPTL code
+
+ -- Tzafrir Cohen <tzafrir at debian.org>  Tue, 22 Feb 2011 11:38:42 +0200
+
 asterisk (1:1.6.2.9-2+squeeze1) stable-security; urgency=high
 
   * AST-2011-001/CVE-2011-0495: Stack buffer overflow in SIP channel driver
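
Review bot: urgency=low on the new 1:1.6.2.9-2+squeeze2 entry looks too low for a stable-security upload. The patch header updated in this same revision describes stack and heap based array overflows triggered by specially crafted packets, and the squeeze1 entry directly below used urgency=high for a stack buffer overflow. Suggest urgency=high, and wording the bullet to match the patch Subject ("array overflow and crash vulnerabilities") so the changelog does not understate the issue. The squeeze1 bullet also carries a CVE id next to the AST id; do the same here if one is assigned.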

Modified: asterisk/branches/squeeze/debian/patches/AST-2011-002
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/patches/AST-2011-002?rev=8797&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/patches/AST-2011-002 (original)
+++ asterisk/branches/squeeze/debian/patches/AST-2011-002 Tue Feb 22 10:01:30 2011
@@ -1,9 +1,14 @@
-From b84b2ec267760225cb709a85a771cbda9c6e0bc8 Mon Sep 17 00:00:00 2001
 From: Leif Madsen <lmadsen at digium.com>
 Date: Mon, 21 Feb 2011 18:34:23 +0000
-Subject: [PATCH] Merge changes related to AST-2011-002 and FAX-281.
+Subject: Multiple array overflow and crash vulnerabilities in UDPTL code
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=308507
 
-Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=308507
+When decoding UDPTL packets, multiple stack and heap based arrays can be
+made to overflow by specially crafted packets. Systems doing T.38 pass
+through or termination are vulnerable.
+
+See also: http://downloads.asterisk.org/pub/security/AST-2011-002.html
+
 ---
  main/udptl.c |   48 +++++++++++++++++++++---------------------------
  1 files changed, 21 insertions(+), 27 deletions(-)
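
Review bot: the rewritten Subject drops the FAX-281 reference that the original Subject named next to AST-2011-002, so the header no longer records that the upstream revision merged changes for both. Origin still points at the same rev 308507, so keep a mention of FAX-281 in the description to preserve that link for anyone comparing this patch against upstream.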

Modified: asterisk/branches/squeeze/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/patches/series?rev=8797&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/patches/series (original)
+++ asterisk/branches/squeeze/debian/patches/series Tue Feb 22 10:01:30 2011
@@ -27,3 +27,4 @@
 rtcp_cli_fix
 
 AST-2011-001
+AST-2011-002
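
Review bot: this added line is what enables the fix, yet the revision lists patches/AST-2011-002 as modified rather than added, so the patch file was already in the branch without a series entry. Confirm that the full series applies cleanly in this order before upload, and say in the commit log that the patch only becomes active with this revision.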



